Phalcon, Python, NodeJS or even PHP on the battle of benchmark

Well, developers are surrounded by many stuffs mentioned on the title. Those things have their own market ...
Just have a look then make your choice...

We have some results of performance benchmark below, that all basic testing with response of "Hello World!" and we will move on a more advanced environment testing later. Then we will have RMDB, NoSQL, Session or anythings else that these stuffs often work with.

Nah, let's see:

NginX serve html file.

PHP-FPM + NginX, default configuration, what a downgrade :))

Oh wait, see what happened after some changes of configuration. Take care about min_spare_servers, max_spare_servers, start_servers ... they depend on your server resource, don't leave them GROSS.

Ok, now PHP APC but APC has issues with PHP version 5.5, don't upgrade your PHP server or you must use other one.

Meanwhile, built-in PHP Opcode gave a peak.

Ah, by the way have you ever heard about PHP Built-in Web Server?

They came from 5.4.0. php -S localhost:2000

Not bad huh?

So, people are messing around : Hey guy, do you know NodeJS? What the *beep* is it?

Hohoho, I think they said that it's blazing fast...

Ah, result above taken with single core CPU because by default NodeJS use single core of CPU.
How about add more CPU core? Okay, cluster gives you a hand. npm install cluster

The more you add the more you get :v

Next...

Phalcon, a PHP framework installed as a module. extension=phalcon.so easy as f***

By the way, Phalcon testing result above came from a little difference structure.

I did it like a minimal application:
application_folder

              |--------app

                    |---------controllers

              |--------public

                    |---------index.php(where the request attack :v)

So don't give it a f*** because the low number from the test. We will build other ones as minimal application someday later to have their fair ;)

The last guy, Tornado from Python world. Non-blocking HTTP server, right?

Good enough?
No, I spent long time with these guys and now need a rest. Result with more complicated application will be added later.

See ya!!!
RocknRoll

Lại là IE

Data return from uploaded image with some kind of browsers!

Firefox

Array
(
[name] => 7687.png
[type] => image/png
[tmp_name] => D:\xampp\tmp\phpB07.tmp
[error] => 0
[size] => 14618

)

IE 8

Array
(
[name] => 7687.png
[type] => image/x-png
[tmp_name] => D:\xampp\tmp\phpA7E.tmp
[error] => 0
[size] => 14618
)

IE6

Array (
[name] => 7687.png
[type] => image/x-png
[tmp_name] => D:\xampp\tmp\phpB05.tmp
[error] => 0 [size] => 14618
)

Chrome

Array (
[name] => 7687.png
[type] => image/png
[tmp_name] => D:\xampp\tmp\phpA81.tmp
[error] => 0 [size] => 14618
)

Opera

Array (
[name] => 7687.png
[type] => image/png
[tmp_name] => D:\xampp\tmp\phpAE7.tmp
[error] => 0 [size] => 14618
)

Safari

Array
(
[name] => 7687.png
[type] => image/png
[tmp_name] => D:\xampp\tmp\phpB11.tmp
[error] => 0 [size] => 14618
)

So sánh mấy mảng trả về từ form upload cái ảnh png, ông IE nhà ta chơi 1 mình một MIME =)) check vỡ mẹt :|

isset() và empty ()

Hôm nay thấy cái mail của toppic 1 bợn trong Professonal-PHP nói về vụ phân biệt 2 cái này, sực nhớ đôi lúc cũng hơi khựng chút với cái mớ type comparison :">. Tiện chép về sau còn dễ nhớ :

Comparisons of $x with PHP functions

Expression	gettype()	empty()	is_null()	isset()	boolean : if($x)
$x = "";	string	TRUE	FALSE	TRUE	FALSE
$x = null	NULL	TRUE	TRUE	FALSE	FALSE
var $x;	NULL	TRUE	TRUE	FALSE	FALSE
$x is undefined	NULL	TRUE	TRUE	FALSE	FALSE
$x = array();	array	TRUE	FALSE	TRUE	FALSE
$x = false;	boolean	TRUE	FALSE	TRUE	FALSE
$x = true;	boolean	FALSE	FALSE	TRUE	TRUE
$x = 1;	integer	FALSE	FALSE	TRUE	TRUE
$x = 42;	integer	FALSE	FALSE	TRUE	TRUE
$x = 0;	integer	TRUE	FALSE	TRUE	FALSE
$x = -1;	integer	FALSE	FALSE	TRUE	TRUE
$x = "1";	string	FALSE	FALSE	TRUE	TRUE
$x = "0";	string	TRUE	FALSE	TRUE	FALSE
$x = "-1";	string	FALSE	FALSE	TRUE	TRUE
$x = "php";	string	FALSE	FALSE	TRUE	TRUE
$x = "true";	string	FALSE	FALSE	TRUE	TRUE
$x = "false";	string	FALSE	FALSE	TRUE	TRUE

Loose comparisons with ==

	TRUE	FALSE	1	0	-1	"1"	"0"	"-1"	NULL	array()	"php"	""
TRUE	TRUE	FALSE	TRUE	FALSE	TRUE	TRUE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE
FALSE	FALSE	TRUE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	TRUE	TRUE	FALSE	TRUE
1	TRUE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
0	FALSE	TRUE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	TRUE	FALSE	TRUE	TRUE
-1	TRUE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE
"1"	TRUE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
"0"	FALSE	TRUE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE
"-1"	TRUE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE
NULL	FALSE	TRUE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	TRUE	TRUE	FALSE	TRUE
array()	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	TRUE	FALSE	FALSE
"php"	TRUE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE
""	FALSE	TRUE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	TRUE

Strict comparisons with ===

	TRUE	FALSE	1	0	-1	"1"	"0"	"-1"	NULL	array()	"php"	""
TRUE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
1	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
0	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
-1	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
"1"	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE
"0"	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE	FALSE
"-1"	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE	FALSE
NULL	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE	FALSE
array()	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE	FALSE
"php"	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE	FALSE
""	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	FALSE	TRUE

PHP security video

This Tutorial covers Cross Site Scripting (XSS), Cross Site Forgery Requests (CSFR), SQL Injection, globals, and much more!

Basic Cross-site request forgery

Now, I'm woking with a new framework. It's a new one, so that I think it's not secured.
Assume that I'm a customer and after use this source code, if I find out any bug... what will happen if I want to be a 'bad man' not 'bat man' :))


After analyze I have an action in administrator panel.
Example, when working with customer module:

"http://our_local_server/administrator/index.php?module=loadajax&action=deleteall&table=user&fprimary=id&cond=0,%276%27&fname=etc"

Consider the bold text :

When I call this url, system will 'delete' all the item include in condition value %27 means ' label (0,'6'). The result is the item with id=6 will be deleted from database.

Ok, now I compose an email html like :

<@body>
You won $1,000,000

<@iframe src="http://our_local_server/administrator/index.php?page=loadajax&action=deleteall&table=user&fprimary=id&cond=0,%276%27&fname=etc" width="0" height="0">
<@/body>

Will you read it???
I wont. But it's only example ^^.
Send it to the administrator of site when him/her logged in.
I dont need to login or something else with this system.
The administrator will do it for me because he/she have authiencation.
Imagine if I call an url in a loop :

for($i=0;$i<=999999;++$i) { //call the action url here }

What will happen :D

Solution: Assign a token value for any action.
Example:

index.php?page=loadajax&action=deleteall&table=user&fprimary=id&cond=0,%276%27&fname=etc&token=10d3612ccee6f20d650288855624f9ad

And check this token before execute any action.

Lazy Loading to improve performance of your php code

See above example code, or event you do like that :D :

<?php
require '/class/Database.php';
require '/class/Common.php';
require '/class/Action.php';
require '/class/Template.php';
require '/class/Module.php';

?>

It's not good for server because php engine must load every file when execute, in case of it's not necessary.

<?php
define('CLASS_DIR', 'class/')
set_include_path(get_include_path().PATH_SEPARATOR.CLASS_DIR);
spl_autoload_extensions('.class.php');
spl_autoload_register();

function autoload($className)
{
include_once($className);
}


$user = new user();
?>

This message is quoted from "zend certification study guide" :">
"By default, SPL uses its own autoloader, called spl_autoload(); this built-in
function checks all include paths for filenames that match the name of the class
that needs loading in lowercase letters, followed by .inc, .php, or the exten-
sions specified using a comma-separated string as the only parameter to a call to
spl_autoload_extensions()"

Regard to function spl_autoload_extensions(), it allow you to define extension of filename.

Từ PHP không được sử dụng trong sản phẩm viết bằng PHP

Tháng này bận quá, đến giờ mới rảnh rảnh ngồi coi cái PHP License version 3.01 tại http://www.php.net/license/3_01.txt.
Trong đó, mục 4 có ghi :

  4. Products derived from this software may not be called "PHP", nor
 may "PHP" appear in their name, without prior written permission
 from group@php.net.  You may indicate that your software works in
 conjunction with PHP by saying "Foo for PHP" instead of calling
 it "PHP Foo" or "phpfoo"

Sản phẩm không được đặt tên là "PHP" hoặc không có từ PHP xuất hiện trong tên.
Vậy là phpmyadmin, phpcake, phpbb... :|, đồng loạt đi xin permission hết zồi :-j

PHP Benchmark tests

This article is taken from php.lt

NOTE

You must keep in mind to refresh this page a few times to "catch" the right result. The numbers change sometimes drastically during each refresh. I assume that this is because of PHP's memory garbage collector that drops in randomly and also other processes that run on this machine have an influence.

---

Test: READ LOOP: foreach() vs. while(list()=each())
What is the best way to loop a hash array? Given is a Hash array with 100 elements, 24byte key and 10k data per entry I've chosen the large data amount to try out what happens if I reference the data with the &-ref-operator (to avoid copying). But to my surprise the loops are never faster! In tests 5 and 6 are even 10x - 30x slower !! The larger the data entrys are the slower the tests 5 and 6 get! Copying seams always faster then using the &-ref-operator. Way ??? Let me know at bs_php@users.sourceforge.net
+ 411 %	1: foreach($aHash as $val);	Total time: 6[ms]
+ 196 %	2: while(list(,$val) = each($aHash));	Total time: 3[ms]
+ 901 %	3: foreach($aHash as $key=>$val);	Total time: 14[ms]
+ 938 %	4: while(list($key,$val)= each($aHash));	Total time: 15[ms]
+ 625 %	5: foreach($aHash as $key=>$val) $tmp[] = &$aHash[$key];	Total time: 10[ms]
+ 598 %	6: while(list($key) = each($aHash)) $tmp[]=&$aHash[$key];	Total time: 9[ms]
+ 200 %	7: Get key-/ value-array: foreach($aHash as $key[]=>$val[]);	Total time: 3[ms]
+ 100 %	8: Get key-/ value-array: array_keys() / array_values()	Total time: 2[ms]
+ 148 %	9: STRANGE: This is the fasetest code when using the the &-ref-operator (to avoid copying) $key = array_keys($aHash); $size = sizeOf($key); for ($i=0; $i<$size; $i++) $tmp[] = &$aHash[$key[$i]];	Total time: 2[ms]
Conclusion: It must have something to do with PHP4 variable ref-count So you can safely use foreach and only use the &-ref-operator when realy needed OR (according to the link above) when passing objects to functions. (Thanx to Wayne for his help)

---

Test: MODIFY LOOP: foreach() vs. while(list()=each())
While the above test only reads and copies the data the question arised what would happen if I modify each value of the hash above. Again I an unexpected result. Even if I reduce the data size to 100 byte p. e. it ends up that Nr.3 is 1.5 - 2x faster.
+ 602 %	1: foreach($aHash as $key=>$val) $aHash[$key] .= "a";	Total time: 14[ms]
+ 134 %	2: while(list($key) = each($aHash)) $aHash[$key] .= "a";	Total time: 3[ms]
+ 100 %	3: STRANGE: This is the fasetest code : $key = array_keys($aHash); $size = sizeOf($key); for ($i=0; $i<$size; $i++) $aHash[$key[$i]] .= "a";	Total time: 2[ms]
Conclusion: Use foreach unless the hash is lage AND has lage data elements. In that case use variation Nr.3 .

---

Test: For-loop test
Is it worth the effort to calculate the length of the loop in advance? E.g. "for ($i=0; $i<$size; $i++)" instead of "for ($i=0; $i
+ 100 %	1: With pre calc	Total time: 3[ms]
+ 1021 %	2: Without pre calc	Total time: 35[ms]
Conclusion: The test above speeks for it self. Always calculate the length of the loop in advance!

---

Test: Using the &-ref-operator as so called "alias"
Is a good idea to use the &-ref-operator to substitute (or alias) a complex mutidim-array? . Call 1'000x E.g. $person = &$aHach["country"]["zip"]["streat"]["number"]["name"]
+ 103 %	1: NO Aliasing. Using: $aSingleDimArray[$i]	Total time: 3[ms]
+ 100 %	2: Aliasing. Using: $alias = &$aSingleDimArray[$i]	Total time: 3[ms]
+ 147 %	3: NO Aliasing. Using: $aMultiDimArray[$i]["aaaaa"]["aaaaaaaaaa"]	Total time: 5[ms]
+ 110 %	4: Aliasing. Using: $alias = &$aMultiDimArray[$i]["aaaaa"]["aaaaaaaaaa"]	Total time: 3[ms]
+ 208 %	5: NO Aliasing. Using: veryMultiDimArray[$i]["a"]["aa"]["aaa"]["aaaa"]["aaaaa"]	Total time: 7[ms]
+ 126 %	6: Aliasing. Using: $alias = &$veryMultiDimArray[$i]["a"]["aa"]["aaa"]["aaaa"]["aaaaa"]	Total time: 4[ms]
Conclusion: It seams to be ok to use aliases. It also makes the code more readabel. But I was expecting to get a lager performance gain; especially with very multdimetional arrays.

---

Test: $obj = new SomeClass() vs. $obj =& new SomeClass() using the =&-ref-operator
Is a good idea to use the =&-ref-operator when creating a new object? Call 1'000x
+ 103 %	1: $obj = new SomeClass()	Total time: 4[ms]
+ 100 %	2: $obj =& new SomeClass()	Total time: 4[ms]
+ 207 %	3: $obj =& $someClass->f();	Total time: 8[ms]
+ 135 %	4: $obj = $someClass->f();	Total time: 6[ms]
Conclusion: There seams to be no difference in performance.

---

Test: double (") vs. single (') quotes
Is a there a difference in using double (") and single (') quotes for strings. Call 1'000x
+ 100 %	1: single (') quotes. Just an empty string: $tmp[] = '';	Total time: 1[ms]
+ 102 %	2: double (") quotes. Just an empty string: $tmp[] = "";	Total time: 1[ms]
+ 114 %	3: single (') quotes. 20 bytes Text : $tmp[] = 'aaaaaaaaaaaaaaaaaaaa';	Total time: 1[ms]
+ 111 %	4: double (") quotes. 20 bytes Text : $tmp[] = "aaaaaaaaaaaaaaaaaaaa";	Total time: 1[ms]
+ 111 %	5: single (') quotes. 20 bytes Text and 3x a $ : $tmp[] = 'aa $ aaaa $ aaaa $ a';	Total time: 1[ms]
+ 172 %	6: double (") quotes. 20 bytes Text and 3x a $ : $tmp[] = "aa $ aaaa $ aaaa $ a";	Total time: 2[ms]
+ 111 %	7: double (") quotes. 20 bytes Text and 3x a \$ : $tmp[] = "aa \$ aaaa \$ aaaa \$ a";	Total time: 1[ms]
Conclusion: Single and double quoted strings behave almost the same with one exception: Don't use the a lonely ($) in double quoted string unless you want to reference a PHP-var; or use (\$).

---

Test: isSet() vs. empty() vs. is_array()
What is the performance of isSet() and empty(). Call 2'000x
+ 100 %	1: isSet() with var that was set	Total time: 1[ms]
+ 101 %	2: empty() with var that was set	Total time: 1[ms]
+ 108 %	3: isSet() with var that was *not* set	Total time: 1[ms]
+ 101 %	4: empty() with var that was *not* set	Total time: 1[ms]
+ 127 %	5: isSet() with array-var that was set	Total time: 2[ms]
+ 131 %	6: empty() with array-var that was set	Total time: 2[ms]
+ 125 %	7: isSet() with array-var that was *not* set	Total time: 2[ms]
+ 126 %	8: empty() with array-var that was *not* set	Total time: 2[ms]
+ 140 %	9: is_array() of an array	Total time: 2[ms]
+ 140 %	10: is_array() of a string	Total time: 2[ms]
+ 343 %	11: is_array() of a non set value	Total time: 4[ms]
+ 115 %	12: isSet() AND is_array() of a non set value	Total time: 1[ms]
Conclusion: isSet() and empty() are identical. Interesting that a is_array() on a unset val is 3x slower. So alway check if val is set at all befor using type-checking. E.g. if (isSet($foo) AND is_array($foo))

---

Test: switch/case vs. if/elseif
Is a there a difference between switch and if elseif. Call 1'000x
+ 131 %	1: if and elseif (using ==)	Total time: 3[ms]
+ 100 %	2: if and elseif (using ===)	Total time: 2[ms]
+ 107 %	3: case	Total time: 2[ms]
Conclusion: Using a switch/case or if/elseif is almost the same. Note that the test is unsing === and is slitly faster then using ==.

Internet Explorer SUCKS

I've just finished my project, it had multi file upload feature. And there were some problems.

First I used muti file upload from Fyneworks.
It's good.

The trouble came when I validate mime type of uploaded-file.
First I collected a list of mime type, you can search it from internet. And below is the list mime type that I used to validate uploaded-file:

$allow_file = array('gif','jpg','png','doc','docx','rar','zip','wma','mp3','pdf');
$allow_mime = array(
'image/gif', 'image/jpeg', 'image/png',
'application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/x-rar-compressed', 'application/zip',
'application/octet-stream','application/force-download','image/pjpeg', //fix for suck mime of ie *_*
'audio/mpeg', 'audio/x-ms-wma',
'application/pdf'
);

zip application/zip
doc application/msword
docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
jpeg image/jpeg
jpg image/jpeg
doc application/msword
mp3 audio/mpeg3
rar application/x-rar-compressed

When validate in client by javascript, it's ok.
But when validate by php, the trouble come!!!
In Firefox the mime type of uploaded-file is true.
But when i use Internet Explorer v6 to submit file, some file is missing.
What's the f*ck!ng ???
Hum,....
I've used the print_r to debug, it's really good at this instance.

Let's see:
In Firefox : All mime type are right!!!
ex:

rar => application/x-rar-compressed
zip => application/zip
and
jpeg => image/jpeg

But in Internet Explorer:

rar => application/force-download
zip => application/octet-stream
and
jpeg => image/pjpeg

I have not tested all the mime type, but now I know the reason of missing file.
:D